Regular Expression Denial Of Service (ReDoS)
rails-html-sanitizer is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern applied to the `attr_node.value` attribute in the `scrub_attributes` function of scrubbers.rb, allowing an attacker to crash the application by providing malicious SVG...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists in the `scrub_attribute` function of scrubbers.rb when data URIs are used in combination with loofah...